What’s in This Guide?

As an eCommerce merchant, you have probably already done at least some preliminary investigation into how to best respond to the potential impact of PSD2’s new security measures. This is not an easy task given the uncertainties surrounding the regulation. Although the delay in enforcement across most of Europe has meant more time to get ready, it has also further complicated the definition of sufficient preparedness.

The October 2019 EBA Opinion, indicating that the deadline for migration to Strong Customer Authentication (SCA) is 31 December 2020, should increase the likelihood of an aligned approach to SCA by banks across the region. But many online retailers are still working to develop comprehensive plans to protect their customers’ experience and revenue from 2020 onwards.

To shed light on what’s important to European consumers and to reveal how merchants plan to deal with PSD2, Riskified surveyed 2000 consumers and 200 online retailers across the UK, Germany, France, and Spain. The survey results reveal how online shoppers are likely to react to the increased security measures and potential friction, and that retailers’ intended actions might not be sufficient.

In this guide, we share key findings from the survey – providing context to merchants who are assessing how to best prepare for PSD2’s enforcement. We then describe the main approaches to protecting revenue under the regulation, followed by a list of considerations retailers should take into account (and questions to ask) when contemplating partnering with a third party to mitigate the risks associated with PSD2.